
Re: TOS copying considered harmful



>>         I don't understand the last sentence.  why sequence numbers are the
>>         issue?  they are defined per SA (= unique to src, and normally
>>         identifies single dst), and should not matter even if we add a tunnel
>>         encapsulation.  could you tell us more?
>
>The anti-replay mechanism is based on these sequence numbers. Replayed packets but
>also packets arriving on the left of the sliding window used to implement this
>mechanism are thrown away. If the TOS is copied from inner to outer header and you
>have different classes of service inside a single tunnel (a single SA), then you are
>subject to packet reordering if some nodes on the tunnel path do QoS based on the tos
>(or dscp). At a certain level of reordering, low prio packets will arrive too late at
>dst, i.e. on the left of the window and be deleted. This is not expected. Once again,
>this is discussed in the draft I mentioned above.

	I see.  RFC2402 mandates a 32-bit bitmap, and recommends a 64-bit bitmap.
	- is 64bit not enough for normal nodes?
	- if larger window size helps, how big do you suggest?
	- if not, what other mechanism do you suggest?

itojun
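The effect described above (low-priority packets falling off the left edge of the anti-replay window when a DSCP-aware path reorders traffic inside one SA) can be reproduced with a small simulation. The following is an added example, not code from this thread or from any IPsec implementation: it implements the RFC 2402 style sliding-window check with a configurable bitmap width, then feeds it a constructed traffic mix in which every fourth packet is low priority and is delayed by a fixed number of packet slots relative to the high-priority packets sharing the SA. The traffic pattern, the delay value and the function names are assumptions chosen to illustrate the point; they are not measurements.

```python
class AntiReplayWindow:
    """Receiver-side anti-replay window in the style of RFC 2402 Appendix C.

    bit 0 of `bitmap` represents the highest sequence number seen so far
    (`last_seq`); bit i represents last_seq - i.  Packets older than
    `size` sequence numbers fall off the left edge and are rejected.
    """

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 2402 requires a window of at least 32")
        self.size = size
        self.last_seq = 0
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return True if `seq` is accepted (and record it), False if dropped."""
        if seq == 0:
            return False  # sequence number 0 is never valid on an SA
        if seq > self.last_seq:
            # New right edge: slide the window and mark this packet.
            diff = seq - self.last_seq
            if diff < self.size:
                self.bitmap = ((self.bitmap << diff) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1  # jumped past the whole window
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:
            return False  # too old: left of the window
        if self.bitmap & (1 << diff):
            return False  # already seen: replay
        self.bitmap |= 1 << diff
        return True


def simulate_tunnel(window_size, n_packets=200, low_prio_every=4, low_prio_delay=40):
    """Constructed scenario: one SA carrying two classes of service.

    Packet `seq` is sent at time `seq`.  High-priority packets arrive with no
    extra delay; low-priority packets (every `low_prio_every`-th packet) are
    held back by `low_prio_delay` slots by QoS nodes on the path.  Returns the
    number of packets the receiver's anti-replay check drops, per class.
    """
    packets = []
    for seq in range(1, n_packets + 1):
        cls = "low" if seq % low_prio_every == 0 else "high"
        delay = low_prio_delay if cls == "low" else 0
        packets.append((seq + delay, seq, cls))  # (arrival time, seq, class)
    packets.sort()  # arrival order as seen by the receiver

    window = AntiReplayWindow(window_size)
    dropped = {"high": 0, "low": 0}
    for _, seq, cls in packets:
        if not window.check_and_update(seq):
            dropped[cls] += 1
    return dropped


if __name__ == "__main__":
    for size in (32, 64, 128):
        print(f"window={size:3d} dropped={simulate_tunnel(size)}")
```

With the constructed 40-slot delay, a low-priority packet typically arrives after 39 newer high-priority packets, so the 32-bit window drops it while the 64-bit window does not. The general lesson is that the required window is set by the worst-case reordering the path can introduce between classes on the same SA, not by a fixed constant; the alternative is to avoid the problem by mapping each class of service to its own SA.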

